Skills
skills/qwenlm/qwen-code/tmux-real-user-testing/Gen Agent Trust Hub

tmux-real-user-testing

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill uses eval to execute strings generated by the scripts/tmux-real-user-log.sh helper script. It also dynamically assembles shell commands to be executed within detached tmux sessions.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill is designed to capture and log TUI screen contents during sensitive workflows such as /auth or authentication dialogs. These snapshots are saved as plain-text files (tmux-readable-full.log) in the local tmp/ directory, which may lead to the exposure of credentials, tokens, or private configuration data displayed on screen.
  • [COMMAND_EXECUTION]: Instructions guide the agent to run commands with the flag --approval-mode yolo, which is intended to suppress user confirmation and bypass safety gates within the application under test.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: Untrusted data from terminal output is ingested into the agent context via tmux capture-pane (found in SKILL.md and scripts/tmux-real-user-log.sh).
  • Boundary markers: Absent. The agent relies on simple grep or string matching on raw terminal output to determine its next actions.
  • Capability inventory: The skill has the ability to send arbitrary keys to a terminal, execute shell commands, and manage filesystem artifacts.
  • Sanitization: None. Captured terminal output is treated as trusted state information for the test loop.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 9, 2026, 02:03 AM